package com.sundablog.controller.login;

import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import com.sundablog.pojo.AdminUser;
import com.sundablog.result.BaseResult;
import com.sundablog.service.systemsetup.permissionsManage.user.UserService;

import cn.hutool.captcha.CaptchaUtil;
import cn.hutool.captcha.LineCaptcha;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.digest.DigestUtil;

/**
 * 登录控制器类 (只负责后台登入)
 * 
 * @ClassName: LoginController
 * @Description:登录控制器类 (只负责后台登入)
 * @author: 哒哒
 * @date: 2018年1月15日 下午10:06:28
 * 
 * @Copyright: 2018 www.sundablog.com Inc. All rights reserved.
 */
@Controller
@RequestMapping("/login")
public class LoginController {

	@Autowired
	private UserService userService;

	/**
	 * 生成验证码
	 * @Title: verifyCode   
	 * @Description: TODO(这里用一句话描述这个方法的作用)   
	 * @param: @param request
	 * @param: @param response
	 * @param: @param httpSession
	 * @param: @throws Exception      
	 * @return: void      
	 * @throws
	 */
	@RequestMapping("/verifyCode")
	public void verifyCode(HttpServletRequest request, HttpServletResponse response, HttpSession httpSession)
			throws Exception {
		response.setHeader("Pragma", "No-cache");
		response.setHeader("Cache-Control", "no-cache");
		response.setDateHeader("Expires", 0);
		response.setContentType("image/jpeg");
		int width = 90, height = 43, codeCount = 4, lineCount = 15;
		LineCaptcha lineCaptcha = CaptchaUtil.createLineCaptcha(width, height, codeCount, lineCount);

		Subject currentUser = SecurityUtils.getSubject();
		Session session = currentUser.getSession();
		
		session.setAttribute("verCode", lineCaptcha.getCode());

		ServletOutputStream outputStream = response.getOutputStream();
		// 生成图片
		lineCaptcha.write(outputStream);
		outputStream.close();
	}

	/**
	 * 登录界面显示
	 * @Title: index   
	 * @Description: TODO(这里用一句话描述这个方法的作用)   
	 * @param: @return      
	 * @return: String      
	 * @throws
	 */
	@RequestMapping("/index")
	public String index() {
		return "/login/login";
	}

	/**
	 * 登录
	 * @Title: loginClick   
	 * @Description: TODO(这里用一句话描述这个方法的作用)   
	 * @param: @param userName
	 * @param: @param password
	 * @param: @param verificationCode
	 * @param: @return
	 * @param: @throws DisabledAccountException      
	 * @return: BaseResult      
	 * @throws
	 */
	@RequestMapping("/loginClick")
	@ResponseBody
	public BaseResult loginClick(String userName, String password, String verificationCode)
			throws DisabledAccountException {
		// 使用shiro框架提供的方式进行认证操作
		Subject subject = SecurityUtils.getSubject();// 获得当前用户对象,状态为“未认证”
		AdminUser adminUser = userService.selectByUserName(userName);
		if (adminUser.getLocked() == 1) {
			return BaseResult.build(202, "账户以及被锁定");
		}
		AuthenticationToken token = new UsernamePasswordToken(userName,
				DigestUtil.md5Hex(password + adminUser.getSalt()));// 创建用户名密码令牌对象
		try {
			subject.login(token);
			return BaseResult.ok();
		} catch (AuthenticationException e) {
			return BaseResult.build(203, "用户名密码错误");
		}
	}
	
	/**
	 * 退出
	 * @Title: quit   
	 * @Description: TODO(这里用一句话描述这个方法的作用)   
	 * @param: @return      
	 * @return: BaseResult      
	 * @throws
	 */
	@RequestMapping("/quit")
	@ResponseBody
	public BaseResult quit() {
		Subject subject = SecurityUtils.getSubject();
		try {
			subject.logout();
			return BaseResult.ok();
		} catch (Exception e) {
			return BaseResult.build(201, "退出失败");
		}
	}
	
	@RequestMapping("/unauthorized")
	public String unauthorized() {
		return "/login/unauthorized";
	}
}
